CVE-2014-8424

Public exploit
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
Max CVSS
7.8
EPSS Score
89.78%
Published
2014-11-28
Updated
2014-11-28

CVE-2014-5208

Public exploit
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.
Max CVSS
7.5
EPSS Score
8.16%
Published
2014-12-22
Updated
2014-12-22

CVE-2014-3120

Known exploited
Public exploit
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
Max CVSS
6.8
EPSS Score
53.21%
Published
2014-07-28
Updated
2016-12-06
CISA KEV Added
2022-03-25

CVE-2013-6117

Public exploit
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
Max CVSS
7.5
EPSS Score
95.62%
Published
2014-07-11
Updated
2014-07-14

CVE-2013-6031

Public exploit
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings.
Max CVSS
4.3
EPSS Score
0.59%
Published
2014-03-11
Updated
2014-03-11

CVE-2013-3977

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
Max CVSS
4.3
EPSS Score
0.57%
Published
2014-05-26
Updated
2017-08-29

bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
Max CVSS
5.0
EPSS Score
0.58%
Published
2014-12-17
Updated
2017-01-03

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
Max CVSS
4.0
EPSS Score
0.24%
Published
2014-12-06
Updated
2017-09-08

Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.
Max CVSS
5.0
EPSS Score
0.36%
Published
2014-12-08
Updated
2017-09-08

ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
Max CVSS
5.0
EPSS Score
0.13%
Published
2014-12-02
Updated
2014-12-03

The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
Max CVSS
7.5
EPSS Score
0.28%
Published
2014-12-01
Updated
2014-12-01

MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.
Max CVSS
5.0
EPSS Score
0.64%
Published
2014-12-06
Updated
2017-09-08

The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.08%
Published
2014-12-22
Updated
2017-09-08

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
Max CVSS
5.0
EPSS Score
0.60%
Published
2014-10-22
Updated
2016-07-15

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
Max CVSS
5.0
EPSS Score
0.60%
Published
2014-10-22
Updated
2016-07-15

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
Max CVSS
5.4
EPSS Score
0.90%
Published
2014-12-11
Updated
2019-07-30

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-12-11
Updated
2016-12-22

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-12-11
Updated
2016-12-22

The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.
Max CVSS
7.5
EPSS Score
0.30%
Published
2014-10-29
Updated
2014-10-30

CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.75%
Published
2014-11-04
Updated
2017-09-08

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.
Max CVSS
10.0
EPSS Score
0.29%
Published
2014-10-20
Updated
2014-10-23

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Max CVSS
5.0
EPSS Score
0.60%
Published
2014-10-22
Updated
2017-11-04

The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.
Max CVSS
4.3
EPSS Score
0.15%
Published
2014-12-17
Updated
2014-12-17

Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
Max CVSS
5.0
EPSS Score
0.42%
Published
2014-11-19
Updated
2017-09-08

HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
Max CVSS
8.5
EPSS Score
0.35%
Published
2014-12-10
Updated
2019-10-09
165 vulnerabilities found